Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-15361

Admin Groups are broken when authenticating with an API Key

          Details

          • Type: Bug
          • Status: Resolved
          • Priority: Critical
          • Resolution: Fixed
          • Affects Version/s: 5.6.2
          • Fix Version/s: 5.7.0
          • Component/s: Security
          • Labels:
            None
          • Sprint:
            Leap 26

            Description

            Admin privilliges granted by an Admin group (when the user itself is not a direct admin) no longer work when the API Key is used to authenticate.

            To reproduce:

            1.Create some user
            2.Create a group and mark it as an Admin group (add the user into that group)
            3.Try some admin-only action using the API Key (either with basic auth or the api key header) :
            curl -XGET -u uriahl:AKCp5ZjzFrAR7dWgTbYMVBUSKnXrkoggs9vuSkcpmrd1T6db6WebT7RivLEiCeYoahVuea7Fc "http://localhost:8081/artifactory/api/system/configuration"

            You'll get a 403.

              Attachments

                Activity

                  People

                  • Assignee:
                    nadavy Nadav Yogev
                    Reporter:
                    uriahl Uriah Levy
                    Assigned QA:
                    Anastasiya Muntyan
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    2 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: